dw.crypto
Class Signature
Object
dw.crypto.Signature

This class allows access to signature services offered through the Java Cryptography Architecture (JCA). At this time the signature/verification implementation of the methods is based on the default RSA JCE provider of the JDK - sun.security.rsa.SunRsaSign

dw.crypto.Signature is an adapter to the security provider implementation and covers several digest algorithms:

  • SHA1withRSA (deemed weak, consider switching to at least SHA256)
  • SHA256withRSA
  • SHA384withRSA
  • SHA512withRSA

Key size generally ranges between 512 and 65536 bits (the latter of which is unnecessarily large).
Default key size for RSA is 1024. SHA384withRSA and SHA512withRSA require a key with length of at least 1024 bits.
When choosing a key size - beware of the tradeoff between security and processing time:
The longer the key, the harder to break it but also it takes more time for the two sides to sign and verify the signature.
An exception will be thrown for keys shorter than 2048 bits in this version of the API.

Note: this class handles sensitive security-related data. Pay special attention to PCI DSS v3. requirements 2, 4, 12, and other relevant requirements.

Constants
SUPPORTED_DIGEST_ALGORITHMS_AS_ARRAY  :  String[]
Supported digest algorithms exposed as a string array
Constructor Summary
Method Summary
isDigestAlgorithmSupported(digestAlgorithm : String) : boolean
Checks to see if a digest algorithm is supported
sign(contentToSign : String, privateKey : String, digestAlgorithm : String) : String
Signs a string and returns a string
sign(contentToSign : String, privateKey : KeyRef, digestAlgorithm : String) : String
Signs a string and returns a string
signBytes(contentToSign : Bytes, privateKey : String, digestAlgorithm : String) : Bytes
Signs bytes and returns bytes
signBytes(contentToSign : Bytes, privateKey : KeyRef, digestAlgorithm : String) : Bytes
Signs bytes and returns bytes
verifyBytesSignature(signature : Bytes, contentToVerify : Bytes, publicKey : String, digestAlgorithm : String) : boolean
Verifies a signature supplied as bytes
verifyBytesSignature(signature : Bytes, contentToVerify : Bytes, certificate : CertificateRef, digestAlgorithm : String) : boolean
Verifies a signature supplied as bytes
verifySignature(signature : String, contentToVerify : String, publicKey : String, digestAlgorithm : String) : boolean
Verifies a signature supplied as string
verifySignature(signature : String, contentToVerify : String, certificate : CertificateRef, digestAlgorithm : String) : boolean
Verifies a signature supplied as string
Methods inherited from class Object
Constructor Detail
Signature
public Signature()

Method Detail
isDigestAlgorithmSupported
isDigestAlgorithmSupported(digestAlgorithm : String) : boolean
Checks to see if a digest algorithm is supported
Parameters:
digestAlgorithm - the digest algorithm name
Returns:
a boolean indicating success (true) or failure (false)

sign
sign(contentToSign : String, privateKey : String, digestAlgorithm : String) : String
Signs a string and returns a string
Parameters:
contentToSign - base64 encoded content to sign
privateKey - base64 encoded private key
digestAlgorithm - must be one of the currently supported ones
Returns:
the base64 encoded signature

sign
sign(contentToSign : String, privateKey : KeyRef, digestAlgorithm : String) : String
Signs a string and returns a string
Parameters:
contentToSign - base64 encoded content to sign
privateKey - a reference to a private key entry in the keystore
digestAlgorithm - must be one of the currently supported ones
Returns:
the base64 encoded signature

signBytes
signBytes(contentToSign : Bytes, privateKey : String, digestAlgorithm : String) : Bytes
Signs bytes and returns bytes
Parameters:
contentToSign - transformed with UTF-8 encoding into a byte stream
privateKey - base64 encoded private key
digestAlgorithm - must be one of the currently supported ones
Returns:
signature

signBytes
signBytes(contentToSign : Bytes, privateKey : KeyRef, digestAlgorithm : String) : Bytes
Signs bytes and returns bytes
Parameters:
contentToSign - transformed with UTF-8 encoding into a byte stream
privateKey - a reference to a private key entry in the keystore
digestAlgorithm - must be one of the currently supported ones
Returns:
signature

verifyBytesSignature
verifyBytesSignature(signature : Bytes, contentToVerify : Bytes, publicKey : String, digestAlgorithm : String) : boolean
Verifies a signature supplied as bytes
Parameters:
signature - signature to check as bytes
contentToVerify - as bytes
publicKey - base64 encoded public key
digestAlgorithm - must be one of the currently supported ones
Returns:
a boolean indicating success (true) or failure (false)

verifyBytesSignature
verifyBytesSignature(signature : Bytes, contentToVerify : Bytes, certificate : CertificateRef, digestAlgorithm : String) : boolean
Verifies a signature supplied as bytes
Parameters:
signature - signature to check as bytes
contentToVerify - as bytes
certificate - a reference to a trusted certificate entry in the keystore
digestAlgorithm - must be one of the currently supported ones
Returns:
a boolean indicating success (true) or failure (false)

verifySignature
verifySignature(signature : String, contentToVerify : String, publicKey : String, digestAlgorithm : String) : boolean
Verifies a signature supplied as string
Parameters:
signature - base64 encoded signature
contentToVerify - base64 encoded content to verify
publicKey - base64 encoded public key
digestAlgorithm - must be one of the currently supported ones
Returns:
a boolean indicating success (true) or failure (false)

verifySignature
verifySignature(signature : String, contentToVerify : String, certificate : CertificateRef, digestAlgorithm : String) : boolean
Verifies a signature supplied as string
Parameters:
signature - base64 encoded signature
contentToVerify - base64 encoded content to verify
certificate - a reference to a trusted certificate entry in the keystore
digestAlgorithm - must be one of the currently supported ones
Returns:
a boolean indicating success (true) or failure (false)